Following are highlights of the comments on what's shaping up to be the hottest information security story of the year.

William Hugh Murray, CISSP

"This morning the FBI attributed the attack against Sony to North Korea.

Whether or not North Korea conducted or simply paid for this attack, whether or not the attack was "state sponsored," they have scored a huge victory. They have humiliated both the World's remaining "superpower" and Japan, their ancient enemy and recent occupier. They have won what may be the first and only battle in this "cyberwar." They have demonstrated not only that Sony's security was weak but that Sony had documented the weakness without a budget or schedule for mitigation. They have reinforced the fear that our national infrastructure is vulnerable to crippling attack from the Internet. They have demonstrated that they need only whisper the magic words "nine one one" to get the risk averse, not to say fearful and feckless, American people to compromise the First Amendment and betray all those who have sacrificed life and limb to defend it. Not bad for a starving country that numbers its Internet users in the low thousands."

William Hugh Murray, CISSP
"Once more the terrorists have won. Once more the American people have proven to be fearful and feckless. Those who have sacrificed life and limb to defend our freedoms have been betrayed. We have all been shamed. Will we never again stand tall?"

RiskIQ

"Assigning blame too early is never a sound strategy. Sony Films execs appear to be more interested in sweeping things under the rug, rather than addressing the security and criminal aspect of this incident. Hopefully, other organizations will take this as a lesson that hacking isn't a problem that will just go away if you weather the PR storm. Real actions need to be taken in order to protect your data and that of your customers/employees."

William Hugh Murray, CISSP
"The necessary knowledge, skills, and abilities to carry out this attack can be purchased in the market place. For purposes of such attacks, and with the UK/USA nations excepted, all nation states are equally capable.

However, we are not equally vulnerable. Our dependence upon complex infrastructure and our fearfulness makes us peculiarly vulnerable among nations. Note that having demonstrated the vulnerability, these hackers merely had to invoke "9/11" to get us to throw free speech under the bus. Are we more likely to defend trial by jury or freedom from search, seizure, and cruel and unusual punishment? Hardly likely. There appears to be no value for which we are prepared to take any risk. We are not simply risk averse, we now expect zero risk."

Posted on "Sony Hack: Is North Korea Really to Blame?"

@euroinfosec It's been a very long time since we've seen credible plots in that industry.

Saalbach
"Clearly the US bravado and dollars are more important than the lives of its citizens. Perhaps a rethink of where the US sits in the world is overdue - a change in attitude to people of different race, belief and economic values might reduce some of the attacks (both cyber and physical) against it. I must confess, I like the idea of releasing the film online, and getting donations for worthwhile purposes - probably won't happen as it goes against the idea of raking in as much money as possible.

Maybe all those who are shocked by Sony's decision could demonstrate their bravery by all going to the same cinema for a screening on the same night?"

Jack McCarrup (in reply to Saalbach)
"Do you mean we should start thinking like Isis and treat women the same way? And no one with critical thinking skills believes for a minute that any Neville Chamberlain-esque actions will convince terrorists to stand down. The only effective response to terrorism is...shall we say...neutralization."

Posted on "Sony's Action Called 'Dangerous Precedent'"

Jack McCarrup
"Random points:

Who decided it would be funny and profitable to fund a movie about the assassination of a country's active leader? Regardless of how despicable one may think he is (and he is), what island were these people living on?

The gist of the article is indeed valid. If we back down to a group of terrorists on this, there is no stopping that slippery slope. I could care less about the movie, and would not have gone to see it in the first place, but this proves that Americans can be cowed. And that is very, very dangerous.

You cannot appease terrorists. No matter what you do, they will never stop terrorizing you until you, um, neutralize them.

What a sad day to see how our leadership has destroyed the spirit of a great country."

Posted on "Sony's Action Called 'Dangerous Precedent'"

Jack McCarrup
"What island were these people on when they dreamed up the idea to make a comedy about killing a sitting leader? Regardless that he is a murderous buffoon, it's a bizarre premise. That was all they could come up with that fit their definition of 'funny'?"

Rick Romero
"They like to rattle their saber at everyone, but it doesn't mean they actually did anything."
While that's true, this is the United States, and authorities take action even when there is no evidence of intent of action by the perpetrator of 'dangerous' words.

Posted on "Sony Hack a 'National Security Matter'"

ISMG User
"I wanted to see this movie because of the actors/actresses, not because of what country or leader it involved. I feel sorry for people that live their lives so seriously that they can't take up to 2-3 hours, depending on the show, to sit and laugh with fellow human beings."

Posted on "Sony's Action Called 'Dangerous Precedent'"

ISMG User
"The only thing they won was a lot of media and new fans for the movie. I predict it will be distributed in some fashion by mid February and direct to consumer pay per view is a great vehicle for it. I think a 24 hour rental for $5 with all proceeds going to the "Wounded Warrior" project would be a great way to demonstrate that "We The People" do stand tall."

Posted on "Sony Hackers Threaten Movie Theaters"

William Hugh Murray, CISSP
"The POTUS has promised a "proportionate" response."

About the Author

Goldschmidt is the former Associate Editor for ISMG. A recent graduate of Ithaca College, she has worked for multiple publications in NJ and NY, including the Trentonian and the Rochester Business Journal, instilling a passion for writing, editing and social media.
